Symptom
The login details of an SAP FIM user (username and password) are written in clear text to the Tomcat logs, as shown in the following example of Tomcat/catalina traces:
ID: 16731
Address: http://localhost:8080/fim/ws/rs/Session/login
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[application/json, text/javascript, */*; q=0.01], accept-encoding=[gzip, deflate], accept-language=[en-US], cache-control=[no-cache], connection=[Keep-Alive], Content-Length=[83], content-type=[application/json], cookie=[JSESSIONID=BDFCA721821AAC4CA600C4254E5FCC77], dnt=[1], host=[localhost:8080], locale=[en-US], referer=[http://localhost:8080/fim/logon.html], user-agent=[Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko], x-csrf-token=[8AAFD7F1C6606829D79FFF974EFCFBAA], x-requested-with=[XMLHttpRequest]}
Payload: {"LogonForm":{"userName":"SAP","password":"password123","authMode":"secEnterprise"}}
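A defender-side check for the symptom above, as an added example that is not part of the SAP KBA: it scans Tomcat/catalina trace lines for `Payload:` entries and masks credential fields before the logs are shared or archived. The key names other than `password`, the mask string and the function names are assumptions.

```python
import json
import re

# "password" is the key in the page's trace; the other key names are assumptions.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "secret", "token"}
MASK = "***REDACTED***"
PAYLOAD_RE = re.compile(r"^(\s*Payload:\s*)(.*)$")
FALLBACK_RE = re.compile(r'("(?:%s)"\s*:\s*")((?:[^"\\]|\\.)*)' % "|".join(sorted(SENSITIVE_KEYS)), re.I)

def _mask(node):
    """Mask sensitive string values in place; return how many were masked."""
    if isinstance(node, list):
        return sum(_mask(item) for item in node)
    if not isinstance(node, dict):
        return 0
    hits = 0
    for key, value in node.items():
        if key.lower() in SENSITIVE_KEYS and isinstance(value, str):
            node[key] = MASK
            hits += 1
        else:
            hits += _mask(value)
    return hits

def redact_line(line):
    """Return (redacted_line, masked_field_count) for one trace line."""
    m = PAYLOAD_RE.match(line)
    if not m:
        return line, 0
    prefix, body = m.groups()
    try:
        doc = json.loads(body)
    except ValueError:  # truncated payload no longer parses as JSON: use the regex
        new_body, hits = FALLBACK_RE.subn(lambda g: g.group(1) + MASK, body)
        return prefix + new_body, hits
    hits = _mask(doc)
    return (prefix + json.dumps(doc, separators=(",", ":")), hits) if hits else (line, 0)

def scan(lines):
    """Redact all lines; return (redacted_lines, 1-based numbers of lines with findings)."""
    results = [redact_line(raw.rstrip("\n")) for raw in lines]
    findings = [n for n, (_, hits) in enumerate(results, 1) if hits]
    return [text for text, _ in results], findings

# First two lines are from the trace above; the truncated third line is constructed.
SAMPLE = [
    "Address: http://localhost:8080/fim/ws/rs/Session/login",
    'Payload: {"LogonForm":{"userName":"SAP","password":"password123","authMode":"secEnterprise"}}',
    'Payload: {"LogonForm":{"userName":"SAP","password":"passw',
]
```

Any password that a scan like this finds in existing logs has already been exposed to everyone with read access to those files and should be changed.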
Environment
SAP Financial Information Management 10.0
Product
Keywords
FIM, Tomcat, password, in clear, logs, Catalina, encrypted, KBA, EPM-FIM, Financial Information Management (FIM), Problem
About this page
This is a preview of a SAP Knowledge Base Article.